# SSSD

## Check Domain State

As `root` check what domains are configured:

```
# sssctl domain-list
D.PSI.CH
#
```

and then check their state:

```
# sssctl domain-status D.PSI.CH
Online status: Offline

Active servers:
AD Global Catalog: not connected
AD Domain Controller: dc01.D.PSI.CH

Discovered AD Global Catalog servers:
None so far.
Discovered AD Domain Controller servers:
- dc01.D.PSI.CH
- dc02.D.PSI.CH
- dc00.D.PSI.CH

#
```

## Check User State

```
# sssctl user-checks buchel_k
user: buchel_k
action: acct
service: system-auth

SSSD nss user lookup result:
- user name: buchel_k
- user id: 44951
- group id: 710
- gecos: Bucheli Konrad
- home directory: /home/buchel_k
- shell: /bin/bash

SSSD InfoPipe user lookup result:
- name: buchel_k
- uidNumber: 44951
- gidNumber: 710
- gecos: Bucheli Konrad
- homeDirectory: /afs/psi.ch/user/b/buchel_k
- loginShell: /bin/bash

testing pam_acct_mgmt

pam_acct_mgmt: Success

PAM Environment:
- no env -
#
```

## Check Log for AD connection

If `/var/log/sssd/sssd_D.PSI.CH.log` complains about cache file issues like

```
* (2024-10-03 9:47:17): [be[D.PSI.CH]] [sysdb_delete_cache_entry] (0x0020): [RID#78] LDB Error: No such object (32); error message: [ldb_wait from ldb_delete with LDB_WAIT_ALL: No such object (32)]
********************** BACKTRACE DUMP ENDS HERE *********************************

(2024-10-03 9:47:17): [be[D.PSI.CH]] [sysdb_delete_entry] (0x0040): [RID#78] sysdb_delete_cache_entry failed: 2
(2024-10-03 9:48:24): [be[D.PSI.CH]] [sysdb_create_ts_entry] (0x0040): [RID#90] ldb_add failed: [Entry already exists](68)[Entry name=X06SA@d.psi.ch,cn=groups,cn=D.PSI.CH,cn=sysdb already exists]
* ... skipping repetitive backtrace ...
(2024-10-03 9:48:24): [be[D.PSI.CH]] [sysdb_create_ts_entry] (0x0040): [RID#90] Error: 17 (File exists)
* ... skipping repetitive backtrace ...
(2024-10-03 9:48:24): [be[D.PSI.CH]] [sysdb_create_ts_entry] (0x0040): [RID#90] ldb_add failed: [Entry already exists](68)[Entry name=gac-x07da@d.psi.ch,cn=groups,cn=D.PSI.CH,cn=sysdb already exists]
* ... skipping repetitive backtrace ...
(2024-10-03 9:48:24): [be[D.PSI.CH]] [sysdb_create_ts_entry] (0x0040): [RID#90] Error: 17 (File exists)
* ... skipping repetitive backtrace ...
(2024-10-03 9:48:24): [be[D.PSI.CH]] [sysdb_create_ts_entry] (0x0040): [RID#90] ldb_add failed: [Entry already exists](68)[Entry name=X07DA@d.psi.ch,cn=groups,cn=D.PSI.CH,cn=sysdb already exists]
```

then stop `sssd`, delete its cache files and start it again:

```
systemctl stop sssd.service
rm -f /var/lib/sss/db/*
systemctl start sssd.service
```

If `cache_credentials` is enabled, this also discards the cached credentials, so offline logins fail until each user has authenticated once while the domain is online.

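
To confirm that a log really shows these cache errors before wiping the cache, the following added example (not part of the original page) counts the two error kinds quoted above and lists the affected entries. The sample log lines are constructed from the excerpt, and `sample_log`, `sysdb_cache_report` and `cache_is_inconsistent` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the original page): summarise sysdb cache errors
# found in an SSSD domain log read from stdin.

# Constructed sample input modelled on the log lines quoted above; the RID#95
# line and the last line are invented for the example.
sample_log() {
cat <<'EOF'
(2024-10-03 9:47:17): [be[D.PSI.CH]] [sysdb_delete_entry] (0x0040): [RID#78] sysdb_delete_cache_entry failed: 2
(2024-10-03 9:48:24): [be[D.PSI.CH]] [sysdb_create_ts_entry] (0x0040): [RID#90] ldb_add failed: [Entry already exists](68)[Entry name=X06SA@d.psi.ch,cn=groups,cn=D.PSI.CH,cn=sysdb already exists]
   *  ... skipping repetitive backtrace ...
(2024-10-03 9:48:24): [be[D.PSI.CH]] [sysdb_create_ts_entry] (0x0040): [RID#90] Error: 17 (File exists)
(2024-10-03 9:48:24): [be[D.PSI.CH]] [sysdb_create_ts_entry] (0x0040): [RID#90] ldb_add failed: [Entry already exists](68)[Entry name=gac-x07da@d.psi.ch,cn=groups,cn=D.PSI.CH,cn=sysdb already exists]
(2024-10-03 9:49:02): [be[D.PSI.CH]] [sysdb_create_ts_entry] (0x0040): [RID#95] ldb_add failed: [Entry already exists](68)[Entry name=X06SA@d.psi.ch,cn=groups,cn=D.PSI.CH,cn=sysdb already exists]
(2024-10-03 9:49:05): [be[D.PSI.CH]] [constructed_function] (0x0400): [RID#96] unrelated message
EOF
}

# Print "duplicate=<n> delete_failed=<n>", then each distinct entry name that
# ldb_add reported as already existing, in order of first appearance.
sysdb_cache_report() {
    awk '
        /\[sysdb_create_ts_entry\].*ldb_add failed: \[Entry already exists\]/ {
            dup++
            # "Entry name=" is 11 characters; the name ends at the first comma.
            if (match($0, /Entry name=[^,]*/)) {
                name = substr($0, RSTART + 11, RLENGTH - 11)
                if (!(name in seen)) { seen[name] = 1; order[++n] = name }
            }
        }
        /sysdb_delete_cache_entry failed/ { del++ }
        END {
            printf "duplicate=%d delete_failed=%d\n", dup, del
            for (i = 1; i <= n; i++) print order[i]
        }
    '
}

# Succeeds (exit status 0) when the log on stdin contains either error kind.
cache_is_inconsistent() {
    [ "$(sysdb_cache_report | head -n 1)" != "duplicate=0 delete_failed=0" ]
}

# Demo on the constructed sample. On a host, feed the real log instead:
#   sysdb_cache_report < /var/log/sssd/sssd_D.PSI.CH.log
sample_log | sysdb_cache_report
```
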

## Extended Logging

To get more log messages, you may raise the log level to 6, either permanently in Hiera with the key `aaa::sssd_debuglevel` or temporarily on the host itself with

```
sssctl debug-level 6
```

The logs are located in `/var/log/sssd/`.